Category Archives: Data Privacy

Internet Service Providers (ISPs) have gained power to limit people’s access to the internet. In March 2017, Congress reversed regulations imposed on ISPs under the Obama Administration. These regulations protected internet consumers from having their access to the internet restricted by ISPs. This note examines the history of net neutrality and why removing regulations on ISPs is dangerous for internet consumers. People are now at risk of having their data sold and being limited in which websites are available through their ISP.… Read the rest

This Note argues that a poisonous culture in the banking industry, to indiscriminately profit by cutting legal and ethical corners, led to the Wells Fargo scandal in 2016. Wells Fargo had wrongfully profited by incentivizing its employees to meet sales quotas by creating phony accounts using confidential customer information without consent. Although the employees acted alone, liability lies on the employer, Wells Fargo, under the theory of respondeat superior. In doing so, Wells Fargo violated unfair and deceptive financial practices law. Also the scandal raised the issue of whether the mandatory arbitration clause in a financial product purchase agreement should be enforced against consumers or not. This Note proposes a multifaceted solution to address the pandemic of bad faith banking practices.… Read the rest

Hacking and cybercrime are on the rise.[1] From 2013 to 2015, twenty major data breaches were reported at Fortune 100 companies.[2] Publicly traded companies who have securities disclosure obligations should be aware of their duties under the federal securities laws when it comes to data breaches and hacks.[3]

In 2011, the SEC Division of Corporation Finance issued guidelines for cyber incidents.[4] The SEC stated, “[A] number of disclosure requirements may impose an obligation on registrants to disclose such [cyber] risks and incidents,” although there are no explicit requirements referring to data breaches.

While major data breaches may be material to reasonable investors of public companies, there is no duty to promptly disclose the occurrence of cyber incidents unless there have been selective disclosures, previous misstatements or circumstances making the omission of the hack misleading.[5] The federal … Read the rest

With seemingly increasing frequency, news reports reveal data breaches involving personal data stored on commercial data servers. In some cases, the victims intentionally stored the data on the servers, while in others it was not the victims who stored the data, but a commercial entity, storing information about their customers. Whether or not users or the company uploaded the data kept on company servers, who holds the responsibility for keeping the data safe?

One of the more recent newsworthy breaches involved cloud storage: the recent celebrity nude photo hack against Apple’s iCloud service[1] that has generated intense publicity[2]. Despite some early news reports alluding to yet another flaw in an online service, Apple claims that the blame for the inadvertent exposure of celebrity data does not lie on Apple[3]. Instead, hackers attacked individual accounts from which they could deduce user names, passwords, … Read the rest

Personal data protection may be of concern anywhere, anytime in this information society. It is common to submit personal information to create digital identification or authorization to perform certain kinds of online activities, such as an electronic transaction. [1] In addition, all Internet traffic may be automatically tracked and restored by the visited website controller using Cookies technology or equivalent softwares. [2] There is a strong incentive to collect and store the data because it is valuable for business purposes in offering customized service and it is easy and cheap to do so. [3] However, it has not been guaranteed that data collectors manage the personal data in an appropriate manner. Thus, it has drawn the interests of the international society to establish personal data protection principles and have an effective redress or resolution method in case of breach.